Gartner Blog Network

Why Does Identifying Data Owners Have to be so Hard?

by Neil MacDonald  |  November 10, 2010  |  Comments Off on Why Does Identifying Data Owners Have to be so Hard?

One of my readers sent in this picture from one of their offices. They are moving locations, so all of the file cabinets need to be indentified with clear owners. Take a look:

file cabinets

The pink labels (on every file cabinet) say “unidentified cabinet” – meaning the cabinet has no clear owner and the contents are unknown.

The contents of the cabinet could be important. or it might be outdated material that is just wasting space and should be disposed of. No one knows because the owner of the information isn’t known and the contents aren’t labeled.

We’re building electronic versions of this same mess in our data centers.

While we might have a fairly good handle on structured data in databases, we don’t have this same knowledge about what’s in our file shares and in our collaboration systems (like SharePoint).

Unstructured data is a blind spot.

Your first reaction might be “Doesn’t a file share show the “owner”?” Technically, yes, but in reality most of these are stamped with the administrator’s id, not the actual owner of the file. That’s like saying the facilities administrator has responsibility for all of these file cabinets.

How do we get visibility into the true owners of data and information? A couple of solutions are available to provide us this intelligence. Varonis has had this capability for a while across file shares and SharePoint. Imperva just released its technology for monitoring fileshares with SharePoint on the roadmap. Symantec released an interesting technology called Data Insight to help tackle the same problem.

As information security moves up the stack to protect applications and information, we’ve got to get a better handle on where sensitive information resides throughout its entire lifecycle – Data Lifecycle Protection.

Data (lifecycle) protection is the process of identifying and understanding where and how sensitive information is created, consumed, processed, moved, shared, stored and retired and protecting it throughout this lifecycle.

Without this, we end up looking a lot like the picture above – information filed away with no clear owner and no clear purpose.

Information is like inventory – if it just sits there, it’s a waste of resources.

Category: information-security  next-generation-security-infrastructure  

Tags: information-security  next-generation-security-infrastructure  sharepoint-security  

Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…Read Full Bio

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.